How to create SSL socket connection with a custom trusted key store
Question: I dynamically add trusted certificates to Tomcat's trusted key store. How can I make them effective without restarting Tomcat? Basically, I want to force the JVM to re-read the list of trusted keys.
Answer: You need to create your own custom SSLSocketFactory, which uses a customized SSLContext. In the example below, I create a custom SSLContext in which I specify both the key store and the trust store.
If you only need the custom trust manager (as the listing below already does — it passes null for the key managers), replace
Replace
context.init(kms, tms, null);
with
context.init(null, tms, null);
// Path of the JKS store whose certificates this code trusts. Both getTrustManagers()
// and getKeyManagers() below read this same file.
String TRUSTED_KEYSTORE = "/etc/ssl/trusted_keys.keystore";
// Password protecting the store above. A credential kept in source ends up in the
// repository and in every build artifact; real code should load it from configuration.
String trustStorePassword = "secret";
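/**
 * Builds the key managers for the custom SSLContext from the JKS file at
 * {@code TRUSTED_KEYSTORE}, unlocking it with {@code trustStorePassword}.
 *
 * <p>This reads the same file as {@link #getTrustManagers()}. A key store holding
 * this side's own private key would normally be a separate file with its own
 * password; keep that in mind if a client certificate is actually required.
 *
 * @return the key managers produced by the default {@link KeyManagerFactory}
 * @throws IOException if the key store file cannot be opened or read
 * @throws GeneralSecurityException if the store cannot be loaded or the factory initialised
 */
protected KeyManager[] getKeyManagers() throws IOException, GeneralSecurityException {
    String alg = KeyManagerFactory.getDefaultAlgorithm();
    KeyManagerFactory kmFact = KeyManagerFactory.getInstance(alg);
    KeyStore ks = KeyStore.getInstance("jks");
    char[] password = trustStorePassword.toCharArray();
    // The original closed the stream only on the success path; a failing load()
    // (wrong password, corrupt store) leaked the file descriptor.
    FileInputStream fis = new FileInputStream(TRUSTED_KEYSTORE);
    try {
        ks.load(fis, password);
    } finally {
        fis.close();
    }
    kmFact.init(ks, password);
    return kmFact.getKeyManagers();
}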
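/**
 * Builds trust managers that accept only the certificates in the JKS file at
 * {@code TRUSTED_KEYSTORE}.
 *
 * <p>The file is opened and parsed on every call, so a context initialised from a
 * later call sees certificates added to the store in the meantime — which is what
 * makes the "no restart" requirement work. Nothing is cached here.
 *
 * @return the trust managers produced by the default {@link TrustManagerFactory}
 * @throws IOException if the trust store file cannot be opened or read
 * @throws GeneralSecurityException if the store cannot be loaded or the factory initialised
 */
protected TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException {
    String alg = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
    KeyStore ks = KeyStore.getInstance("jks");
    // Close the stream on every path, not just after a successful load().
    FileInputStream fis = new FileInputStream(TRUSTED_KEYSTORE);
    try {
        ks.load(fis, trustStorePassword.toCharArray());
    } finally {
        fis.close();
    }
    tmFact.init(ks);
    return tmFact.getTrustManagers();
}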
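/**
 * Creates an SSLSocketFactory backed by a freshly initialised SSLContext whose
 * trust decisions come from {@code TRUSTED_KEYSTORE} via {@link #getTrustManagers()}.
 *
 * <p>Key managers are deliberately not installed: the first argument to
 * {@code SSLContext.init} is {@code null}, so the JDK's default key manager applies
 * (see the {@code SSLContext.init} Javadoc). To present a client certificate instead,
 * pass {@link #getKeyManagers()} as that first argument.
 *
 * @return a socket factory bound to the custom context
 * @throws IOException if the trust store cannot be read
 * @throws GeneralSecurityException if the context or trust managers cannot be set up
 */
protected SSLSocketFactory getSSLSocketFactory() throws IOException, GeneralSecurityException {
    TrustManager[] tms = getTrustManagers();
    // The original also called getKeyManagers() and then discarded the result, paying
    // for a second read of the store while passing null to init(); dropped here.
    // "TLS" names the protocol family actually negotiated; the legacy "SSL" alias
    // reads as if SSLv3 were intended.
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tms, null);
    return context.getSocketFactory();
}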
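// getSSLSocketFactory() is already declared to return SSLSocketFactory; the cast was redundant.
SSLSocketFactory socketFactory = getSSLSocketFactory();
clientSocket = (SSLSocket) socketFactory.createSocket(IP_Address, 443);
// A custom trust store only establishes that the peer's chain is trusted; it does not
// check that the certificate was issued for the peer we meant to reach. Enable endpoint
// identification before the handshake (which starts lazily on first I/O) so the
// certificate must match IP_Address the way HTTPS clients require — for an IP literal
// that means a matching iPAddress subject alternative name. The type is written fully
// qualified so no import has to be added to the file.
javax.net.ssl.SSLParameters params = clientSocket.getSSLParameters();
params.setEndpointIdentificationAlgorithm("HTTPS");
clientSocket.setSSLParameters(params);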